formbook

General

Target

JaffaCakes118_9af8ba0425b74b8d500823cb40779044426a7572ca0c5fb7da7f59cd823c8d42
Size

902KB
Sample

241222-c149fszpbr
MD5

d8f6483fef29ed9551f9dfef10aaad79
SHA1

719a8479ac8514ede44956c47c8e7a50a82eccf0
SHA256

9af8ba0425b74b8d500823cb40779044426a7572ca0c5fb7da7f59cd823c8d42
SHA512

ebb409a8888e8fbad45da9c93a64cf5955730e1d24f2b96dae3c10e919260ce5436b36844e54a2cde6779de4b3d9e894deef6b813efd68faf0a3cdee4c547f23
SSDEEP

24576:nDIMtCLuUGphCx5eEbzZXFroGWJjYAlcHqW9:xML38hwxbzBtOtS

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

dw4g

Decoy

keundha.com

gss-india.com

neema.xyz

marscastvoyage.com

cafuti.com

empiredigitalworldnews.com

rumblebumbles.com

chevalpublications.com

rewindau.com

dskensho321.xyz

fywb-avff.com

locking-devices.com

getsomeincome.com

uva888.com

rrrf.space

timberlandobuwie.com

transferpanou.com

ikigaicornerstore.com

jervoisbrazil.com

savagereviews.xyz

Targets

- Target
  
  f301682053d5e2fd2982d90d37508983ac1bf5e630e66e553573709ce7e37817
- Size
  
  1.2MB
- MD5
  
  0909c0f35eb5d8693d0a572aca2b8c74
- SHA1
  
  f68481fff291de0a55fa7b43f01e7905a027f56c
- SHA256
  
  f301682053d5e2fd2982d90d37508983ac1bf5e630e66e553573709ce7e37817
- SHA512
  
  c79ef0d31921d37f1585c66bd351167a249b36da9b359ca98e865c47a852809b08514fcb2bc4f58f35685ff4cb6a65805aefb4361bedb3344821f80e039d562b
- SSDEEP
  
  24576:B/w4Tcww2frV8+iphCxvA6FzTXtJo0WpzuAl8BNeLc:B/wg3xV0hczFzDnsvbLc
Score

10^/10

formbook dw4g discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2